Go modules package
open-cluster-management.io/ocm
pkg:golang/open-cluster-management.io/ocm
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-4740 | High | 8.2 | | < 1.2.1 | 1.2.1 | Apr 7, 2026 | A flaw was found in Open Cluster Management (OCM), the technology underlying Red Hat Advanced Cluster Management (ACM). Improper validation of Kubernetes client certificate renewal allows a managed cluster administrator to forge a client certificate that can be approved by the OC |
| CVE-2024-9779 | High | 7.5 | | < 0.13.0 | 0.13.0 | Dec 17, 2024 | A flaw was found in Open Cluster Management (OCM) when a user has access to the worker nodes which contain the cluster-manager or klusterlet deployments. The cluster-manager deployment uses a service account with the same name "cluster-manager" which is bound to a ClusterRole als |